The methods and systems for electronic voting have begun to be widely used in various instances, both in particular votes, such as those including analysis of trends and opinion polls, and large popular votes, e.g. related to elections of public office or referendums.
Indeed, the early history of massive implementation of electronic voting dates back to 1964, with the United States being one of the pioneers in implementing such a system. At that time, electronic voting systems were installed directly in the polling stations, using punch cards and counting computer machines. Such devices have evolved over time in order to comply with the requirements of security, anonymity and transparency, as well as to improve the administration and counting of mass votes thanks to automation.
In 1996 the US government implemented the first election in which various voting mechanisms were offered, including Internet, mail and telephone voting. However, the first parliamentary election offering voting capacity by Internet was conducted in Estonia, in 2007, where the voter used a smart identification card as authentication agent. At that time, the objective was to make the voting process easier releasing the polling place at voter's choice; about 4% of votes was cast by accessing the Internet. Advanced examples of such electronic voting systems are found in US patent applications 2011/0238463 and US 2012/0095811, where electronic voting systems and methods are proposed that integrate various mechanisms for voter identification, management of voting and counting of votes cast, in addition to security mechanisms to authenticate the vote and results.
In this respect, during parliamentary votes in Europe in 2011, the highest percentage of Internet voting was obtained, with 24% of total votes. This high percentage was attributable to the provision of mobile phones as voter identification equipment, as proposed in the patent application US 2014/0207537, a document that also considered portable computers as an interface comprising the ballot.
Considering the above background, the patent application US 2002/0077886 discloses a system, a method and apparatus for electronic voting that is installed in the polling place, wherein said apparatus provides independent systems for recording and counting, and printing the ballot papers issued. In this context, the apparatus provides separate storage means for storing redundant voting information, with the storage of, at the very least, voting information in electronic memories, used by the system for counting, as well as information on paper voting, usually used to audit the voting process. Furthermore, the apparatus of the application uses a display device in which an interface is implemented for the voter that provides a voting session identifier. This provides transparency in every vote and maintains anonymity between each vote and the voter. However, the method, system and apparatus of the application consider printing the votes with identification codes assigned to the user, which facilitates the association of a vote with the applicable voter. Moreover, the voting machines are installed in polling places; thus, remote secure voting is not possible. Therefore, the solution proposed by the application US 2002/0077886 does not address issues related to remote voting or how to facilitate voting so as to stimulate the number of votes; in addition, it has serious security problems associated with voting, mainly anonymity and non-coercion. These problems result from the random printing of the code in the voting paper, thus allowing for the possibility of associating the code with the voter and, therefore, associate the voter with the vote cast.
Moreover, the publication of patent application WO 2012/137035 defines the use of GMS networks for a mobile voting system based on nationwide location, where the GMS network is used to access all citizens of a region and to provide real-time connection to a central database platform. This central database collects the online votes, counting those votes securely, taking into consideration the voter's anonymity by avoiding the storage of information associated with their identity, and providing the possibility of accessing the system for audit. In short, the system proposed by the publication is to use the GMS network to collect the votes of the voters and to obtain their location. While this solution allows releasing the voter from the polling place, it does not ensure the protection of the vote and the voter with respect to the main requirements or pillars where electronic voting is framed. Indeed, the system proposed by the WO 2012/137035 does not include features to prevent electoral fraud, which becomes relevant in electronic systems due to the management of information and the possibility that malicious third parties, for example hackers, gain access to it.
Regarding the above, it is identified that security in electronic voting systems is of high relevance. In this regard, the document JP 2011028376 provides an electronic voting system using cell phones, with the system comprised of a server arranged in a network and cellular phones; each phone includes an identifier corresponding to the IMSI number associated with the device's SIM card. Said system comprises various programs to cast a vote, including a program preventing double vote in the same cell phone through the identification of the identifier. In this context, the document in question only takes care of voting security with respect to doubling the vote, without proposing security mechanisms that may avoid, among other things, electoral fraud by malicious third parties. Moreover, users with multiple SIM cards may attempt to violate the security of the system by introducing such cards in the device used for voting.
In addition, the document EP 2455919 describes an electronic voting method that uses a mobile communications network. This method considers various security mechanisms, among which a PIN number known by the voter is sent to the authority in charge of the election to verify and authorize the electronic voting of said voter. Such approval takes place with a code received by the voter, who also receives information to vote. A random number is generated by a trusted authority and sent to the voter, so that the encrypted voting information and the random number are sent to the authority in charge of the election process. Considering the above, the document EP 2455919 proposes a complex security system that increases the voting security but it is not able to prevent malicious third parties accessing the information found online and handle or disclose it without authorization. Indeed, the single method of protection against third party access is encryption of information, a methodology that is currently vulnerable because of the great capabilities computers have in processing information, which allows the deciphering of even the most advanced encryptions. In addition, the voting verification system is cumbersome and complex, increasing the chances of failure during operation. Regarding anonymity, the document EP 2455919 states that this requirement is achieved by associating the vote with an encrypted random number and not with the information of the voter; however, this association prevents voters from verifying themselves the cast vote.
The document patent application US 2014/0089062 provides a voting system that uses smartphones, indicating that this provides a safe and quick method to vote. In this regard, this document uses different modules including a certificate management module and a module for managing aspects of voting, such as management of voter information, voter registration and identity, generation and verification of voting certificate, among others. In this context, the system and method proposed by this document considers the constant communication between the voter and a server that verifies the identity of the voter and, after verification, it issues a voting certificate authorizing the vote. In addition, the secret voting system proposed in the document US 2014/0089062 is comprised of a series of steps and involves various modules which complicate voting, making it unfriendly for the voter. Finally, the system and method proposed in the document does not propose a simple and effective solution to prevent voter fraud by malicious third parties, since the only barrier facing such fraud is encryption of information, which is not secure when validating a vote. Ii addition, secrecy in voting is only insured by the certification of the voter registration, which—added to the non-verifiability of the method of the vote—increases the uncertainty of the system.
In this context, many systems use similar methodologies to those described in US 2014/0089062, such as US 2008/0105742 and US 2005/101307 documents in which identification mechanisms are used as comparison between transaction identifiers and identification and encryption as a primary means of security against fraud. Indeed, most of the solutions that propose the use of portable devices, such as smart phones as a means of voting, take over security aspects related to voting secrecy and anonymity of the voter, without addressing other risks associated with voting, such as verifiability and non-coercion, among others that are discussed below.
Although it has been shown that electronic voting systems have been used for several years, these systems are not free from errors that can lead to invalidate an election. Among these errors, the most relevant ones relate to the authentication of the voter, the registration of voter preferences by voting intention, the counting of preferences and security in the sense that data are not altered, being these some of the pillars that a voting system must ensure. Moreover, more complex voting systems have the disadvantage of relying on the operation of elements of such systems, such as identification devices by fingerprint and network capabilities, among others.
As already indicated, the alteration of the electronic voting records from malicious third parties, fraud, failure or errors in computer systems is a risk inherent in the use of electronic systems, primarily due to the possibility that such events will not be detectable when the methods and systems prevent voting traceability in order to protect anonymity. Furthermore, methods and systems that maintain traceability of the vote to detect such events do not guarantee anonymity. In this respect, a relevant problem to be solved by electronic voting systems is to maintain the anonymity of the voter, preventing a particular vote to be traced to a voter, while allowing verifiability, and detection of attempts on security from malicious third parties, fraud, failures or errors in computer systems in order to ensure voting integrity is not compromised.
In this context, experts have reached consensus that a method and system for electronic voting should be evaluated on the basis of six dimensions, which also apply to traditional voting systems. Here, the requirements established relate to:                Ensuring the legitimacy of the vote,        Preventing coercion (non-coercion)        Capturing the voter's intention,        Safeguarding of voter's privacy (anonymity),        Security and transparency of the voting system, and        Verifiability of the cast votes.        
These requirements are necessary to achieve the objective of proposing a secure voting system both for the process itself and for the voter. In this respect, in an electronic voting system, the requirement for verifiability has replaced the supervision of vote counting used in traditional voting processes by allowing each voter to verify whether their vote was properly considered, but taking into account that this could facilitate bribery if the process allows a third party to also verify the vote of each voter.
Despite the facilities provided by an electronic voting method and system, there is a cultural barrier to the use of such systems, which results in relatively low percentages compared to traditional voting. In this context, the main barrier refers to the voters' distrust of voting in electronic devices at the time of voting, due to the fact that involvement in the process and/or performance is unrelated to the user.
Regarding the above, today the use of personal high-performance portable devices such as smartphones, has increased considerably, with those devices being part of the daily lives of users. Indeed, today's portable devices offer users multiple features, including Internet access, online banking, handling emails and storing personal information, where such features often involve sensitive user information. In this sense, safe handling of sensitive or critical information on mobile portable devices has been the object of major developments; thus, at present there are security systems that greatly reduce the possibility of critical information leakage, achieving acceptable safety levels, as those associated with the use of smart cards for authentication purposes. However, considering the flexibilities in the electronic environment, the risk will always exist that malicious third parties may overcome the security systems, thus gaining access to alter sensitive or critical information, which can be countered by providing voter verifiability and ensuring its anonymity.
It is therefore necessary to implement an electronic voting system and method able to simultaneously meet the six dimensions previously stated, while encouraging use by implementing a reliable and familiar interface for the voter, wherein said voter can verify the correct issue and vote counting, safeguarding the privacy of the voter, and containing the risk associated with malicious third parties, fraud, failure or errors in computer systems.